<?php

class passWord{	
	function rePassWord( $currentPassword ,$passWord , $passWord1 ){
		global $dbs , $user;
		$currentPassword = password($currentPassword);
		$passWord 		 = $passWord;
		$passWordCode	 = password($passWord);
		$passWord1		 = $passWord1;
		
		$list = $dbs -> select('SELECT `passWord` FROM `'.DB_PRE.'user` WHERE `id` ='. $user -> id() );
		$list = $list[0];
		
		if( $currentPassword != $list['passWord'] ){
			exit('{"status":"error","msg":"当前密码错误."}');
		}
		
		if( strlen($passWord) < PASS_MIN_LEN ){
			exit('{"status":"error","msg":"为了您账户安全,请将新密码长度必须大于等于'.PASS_MIN_LEN.'."}');
		}
		
		if( $passWordCode != password($passWord1) ){
			exit('{"status":"error","msg":"两次输入的密码不相同,请核对"}');
		}
		
		$array = array();
		$array['passWord'] = $passWordCode ;
		$dbs -> update(  DB_PRE .'user' , $array , ' id = '. $user -> id());
		
		$users = $dbs -> select('SELECT * FROM `'.DB_PRE.'user` WHERE `id` = '. $user -> id() .' limit 0,1');
		initUserLogin($users[0]);
		unset($users);
		exit('{"status":"ok","msg":"成功修改密码"}');
	}
	
	function reSetPassWord( $find_id , $userName ,$passWord , $passWord1 ){
		global $dbs ,$encrypt ;
		$find_id = $encrypt -> recode( $find_id );
		$find_id = explode(SPLIT_STRING , $find_id );
		$find_id = (int)$find_id[0];
	
		$passWord 		 = $passWord;
		$passWordCode	 = password($passWord);
		$passWord1Code	 = password($passWord1);
		
		if( $find_id == 0 ){
			exit('{"status":"error","msg":"错误的链接地址.(邮箱和此网页地址不匹配)"}');
		}
		
		$users = $dbs -> select('SELECT `id`,`userName` FROM `'.DB_PRE.'user` WHERE `userName` ="'. $userName .'" limit 0,1' );
		$users = $users[0];		
		if( count($users) == 0 ){
			exit('{"status":"error","msg":"用户不存在."}'); // user is not exist.
		}
		
		$user_id = $users['id'];
		
		$findList = $dbs -> select('SELECT `id`,`isSet` FROM `'.DB_PRE.'find_pass` WHERE `id` ='. $find_id .' and `user_id` = "'. $user_id.'" limit 0,1 ' );
		$findList = $findList[0];		
		if( count($findList) == 0 ){
			exit('{"status":"error","msg":"错误的链接地址.(邮箱和此网页地址不匹配)"}');
		}
		
		if( self::isUsed($find_id))
			exit('{"status":"error","msg":"操作失败. 此链接只能使用一次,请重新申请,<a href=\"'.urlRewrite('option=forgetPass').'\">点击申请.</a>."}');
		
		
		if( self::isTimeout($find_id) ){
			exit('{"status":"error","msg":"此链接已经过期,请重新申请. <a href=\"'.urlRewrite('option=forgetPass') .'\">点击申请.</a>."}');
		}	
		
		if( strlen($passWord) < PASS_MIN_LEN ){
			exit('{"status":"error","msg":"为了您账户安全,请将新密码长度必须大于等于'.PASS_MIN_LEN.'."}');
		}
		
		if( $passWordCode != $passWord1Code ){
			exit('{"status":"error","msg":"两次输入的密码不相同,请核对"}');
		}
		
		$array = array();
		$array['passWord'] = $passWordCode ;
		$dbs -> update(  DB_PRE .'user' , $array , ' id = '.$user_id );
		
		$array = array();
		$array['isSet'] = '1' ;
		$dbs -> update(  DB_PRE .'find_pass' , $array , ' id = '. $find_id );		

		exit('{"status":"ok","msg":"成功修改密码.  <a href=\"'.WEB_ROOT_PATH.'?option=login\">'.lang_login.'</a>"}');
	}
	
	function isTimeout($find_id){
		global $dbs;
		$findList = $dbs -> select('SELECT `id`,`created` FROM `'.DB_PRE.'find_pass` WHERE `id` ='. $find_id .' limit 0,1 ' );
		$findList = $findList[0];		
		if( time() - strtotime($findList['created']) > 24 * 60 * 60 * FIND_PASS_URL_TIME_LOST   ){
			return true;
		}
		return false;
	}
	
	function isUsed($find_id ){
		global $dbs;
		$findList = $dbs -> select('SELECT `id`,`isSet` FROM `'.DB_PRE.'find_pass` WHERE `id` ='. $find_id .' limit 0,1 ' );
		$findList = $findList[0];
		if( $findList['isSet'] == '1' ){
			return true ;
		}
		return false;
	}
	
	
	function forgetPass( $userName ){
		global $dbs , $encrypt , $user;
		
		$list = $dbs -> select('SELECT `id`,`userName` FROM `'.DB_PRE.'user` WHERE `userName` ="'. $userName .'" limit 0,1' );
		$list = $list[0];
		
		if( count($list) == 0 ){
			exit('{"status":"error","msg":"此用户不存在.请核对"}');
		}		
		$user_id = $list['id'];
		
		// check find times
		$sql = 'SELECT count(`id`) as `counts` FROM `'.DB_PRE.'find_pass` WHERE `user_id` ='. $user_id .' and `created` > "'. (date('Y-m-d H:i:s', time() - 24 * 60 * 60 )) .'"  limit 0,10';
		$findList = $dbs -> select($sql);
		$findList = $findList[0];
		$times = $findList['counts'];
		if( $times >= FIND_PASS_TIMES  ){
			exit('{"status":"error","msg":"操作失败. 每天最多只能使用 '.FIND_PASS_TIMES.' 次找回密码."}');
		}
		
		$array = array();
		$array['user_id'] 	= $user_id ;
		$array['created'] 	= date('Y-m-d H:i:s',time()) ;
		$array['ip']		= ip() ;
		$id = $dbs -> insert(  DB_PRE .'find_pass' , $array ,'id' );
		
		include(ROOTPATH .'class'. DS .'mail.calss.php');
		$mail = new email();
		$findUrl = WEB_ROOT_PATH .'?option=reSetPassWord&id='.  $encrypt -> code( $id . SPLIT_STRING . time() ) ;
		$body = '

尊敬的'. $list['nickName'] .'('. $userName .')：
<br />
<br />
<p>您好：根据您于 ['. date('Y-m-d H:i:s', time()) .'] 提交的请求，本邮件将引导您重新设置 您在 <a href="'.HOST_NAME.'" target="_blank">'.HOST_NAME.'</a>  网站的 的账户密码。</p>
<p><strong>如果您确认本次"重新设置密码"的请求是您自己提交的，<a href="'.$findUrl.'" target="_blank">请点这里完成密码重置操作</a>（本链接仅一次有效）。</strong></p>
<p>如果上面的链接无法点击，您也可以复制以下链接，粘贴到您浏览器的地址栏内，然后按"回车"键打开重设机密问题页面, 设置新的密码：</p>
<br />
<a href="'.$findUrl.'" target="_blank">'.$findUrl.'</a>
<p>如果您在以上时间点没有提交过"密码找回功能"的请求，请删除此邮件即可。（无须担心账户安全问题）</p>
<p>温馨提示：</p>
<br />
<p>1、'. WEB_NAME .'统一服务邮箱为 '.EMAIL_USER.' ，请注意邮件发送者，谨防假冒！。</p>
<p>2、如果您想修改您的密码保护资料，请登录 <a href="'.HOSTROOT.'?option=login" target="_blank">'.HOSTROOT.'?option=login</a> 进行修改。</p>
<p>3、本邮件为系统自动发出，请勿回复。</p>　
<br />
<p>感谢您使用 '.WEB_NAME.'，有任何问题您都可以登录 <a href="'.HOSTROOT.'?option=help" target="_blank">'.HOSTROOT.'?option=help</a> 与我们的客服中心联系！</p>
<br />
<br />
<br />
		' ;
		
		$sengMail = $mail -> send($to = $userName ,$name= $list['nickName'], $title = $list['nickName'] .',找回您的密码',$body  = $body );
		
		$mailUrl = explode('@',$userName);
		$mailUrl = 'http://mail.'. $mailUrl[1];
		
		if( $sengMail )
		
			exit('{"status":"ok","msg":"操作成功. 请稍后请查收您的邮箱:'.$userName.'.<br />(本次修改密码的链接有效期为: '.FIND_PASS_URL_TIME_LOST .' 天.)<br />登录邮箱: <a target=\"_blank\" href=\"'.$mailUrl.'\">'.$mailUrl.'</a>"}');
		else
			exit('{"status":"error","msg":"发送邮件失败"}');
	}


}
?>